Purview policy allow few internal users and few external users only
I have a requirement to implement policy in Microsoft Purview DLP. Allow only few internal users to send documents via email, teams, share-point etc. based on sensitive info type matching policy. and block all other internal users. Also I want to allow few external users (which does not belong to organization) to receive those documents. How can I make that policy?
Can you prevent the downgrade of a sensitivity label?
I know you can require a justification to downgrade a label to a less restrictive label, but can you prevent it? It seems a logical extension of this capability but I cannot find any articles to suggest this is possible. The only thing I can think of is to encrypt the label, and don't allow the "Edit rights". I am going to be testing this, but I was wondering if there is another (better) way.
Mail retention policy for Archive M365 Data Lifecycle Management
Hi, I want to apply an email retention policy such that, the emails in the mailbox are retained for 3 years and get deleted and the mail in the archive is there for 5 years and get deleted. Now, I have enabled a retention policy through Data lifecycle management-> Microsoft 365. The policy will retain emails for 3 years and after that, the emails will be deleted. But, the issue is that this policy is being applied to the archive as well and I want to exclude the archive so that the archive will have a different policy- email retention for 5 years, could someone please suggest how to achieve that using Data lifecycle management-> Microsoft 365? This is what the policy looks like in my archive email:
DataBot (aka DataConcierge) with Microsoft Purview
Microsoft Purview is a PaaS service that helps organizations manage and govern their data in hybrid and multi-cloud environments. By using the enterprise data catalog, organizations can easily track and catalog their data assets and sources. With Microsoft Teams and Power Automate, it is possible to create a simple bot that can access the catalog's REST API and perform various operations within the Teams interface. This can make it easier for teams to access and manage their data without having to switch between different tools. The additional objective is to enable seamless integration and collaboration within the enterprise business users and modern digital solutions. The Architecture is simple, as Microsoft Teams will be a primary interface and connect to Microsoft Purview via REST API using Power Virtual Agent and Power Automate. It also integrates with Azure Active Directory for authentication and authorization. You can take out Power Virtual Agent if you want to optimize the cost by going in a less conversational way. An interactive conversational agent can be embedded using Power Virtual Agent or traditional bot framework with Azure Solutions and this can be published as an app and consumed via different channels such as Microsoft Teams, direct Bot interface, Web Application, Mobile App etc., I have built a POC that demonstrates the basic functionalities (search data asset & glossary) of the Data Concierge, and this can be expanded based on the use cases and I have primarily used Microsoft teams with a private chat and teams channel for better collaboration. The Microsoft Teams integration enables better collaboration with enterprise teams/business units. All teams can interact with the same Data Bot just by typing @Data Concierge<topic keywords/response> with new/existing conversations. The Microsoft Purview documentation references for REST API. How to use REST APIs for Microsoft Purview Data Planes - Microsoft Purview | Microsoft Docs Discovery - Query - REST API (Microsoft Purview) | Microsoft Docs Quick Links: Microsoft Purview: https://web.purview.azure.com/ Azure Active Directory App or Service Principal: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps or https://aad.portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps Microsoft Teams: https://teams.microsoft.com/ Power Virtual Agent: https://web.powerva.microsoft.com/ Power Automate: https://flow.microsoft.com/ Azure Portal: https://portal.azure.com/ Conclusion: Microsoft Purview REST API can be integrated with any custom applications. Some relevant use cases for Microsoft Purview REST API usage: Data Bot for an enterprise user with all data sources/assets Virtual Data Engineer for Data Analyst and Data Scientist Custom app with Data Lineage and Data Map Custom data assets registration and data enrichment Workflow automation and metadata policy management with REST API Glossary search and data assets scanning Enterprise Data Lake adoption through custom bot interface You may reachout to Microsoft team if you're already using Microsoft Azure Cloud & Microsoft Teams in your environment.
Azure Information Protection Viewer Issue
Hello Everyone, I have installed the last Azure Information Protection Viewer version in some devices. There is an issue with the resolution of this Tool. The options size looks bad. I have changed several screen configuration options, installed components (Net Framework) but it still appears this way when I open it. This doesn't happen when I install older versions. I will appreciate any help because I don't know what else to do.Sensitivity label based DLP policy for Microsoft Teams
I want to create DLP a policy when a document is sensitivity labeled lets say "Restricted" it should be blocked on Microsoft Teams, Onedrive and Sharepoint. When I created policy in Microsoft Purview DLP and select teams for policy scope, in condition, Sensitivity label option does not appear. It appears only as sensitive info types. How can I create policy for Microsoft Teams to block documents sharing based on sensitivity labels?
Purview Data Lifecycle/Records Management Steps
Hi, I have used Purview Information Protection many times. We typically use both the Cloud and on-premises Information Protection tools to first do a Discovery of the data. Then using these tools we Classify and Label the data. Now, we are looking to use the Purview Data Lifecycle/Record Management. Does it follow the same process? Do we first Discover the data? Is there a 'discovery' option in Purview Data Lifecycle/Record Management? Could we get a report, before any classification/labeling takes place? Or do we use the 'discovery' tools in Purview Information Protection still? Once the 'discovery' is done, I assume we have to use the Purview Data Lifecycle/Record Management tools to create and apply the labels - as these are different labels to Purview Information Protection, correct? So, could we, just using the Purview Data Lifecycle/Record Management tools do 'Discovery', then 'Classification' and then 'Labeling' of data? Thank you, SK
